PingDirectory

Adding connection information to request-type log messages

You can add connection information to request-type log messages for file-based access log publishers of type file-based-access or json-access.

About this task

If your applications use the outputs of access log publishers to trigger workflow responses, you can enrich those logs with connection information related to bind, search, and modify access requests. To add this connection information, enable the include-connection-details-in-request-messages configuration property for existing and new file-based access log publishers.

The include-connection-details-in-request-messages property is disabled by default. The property supports only file-based-access and json-access type file-based access log publishers.

When you enable the include-connection-details-in-request-messages property, the log messages for request-based connection types include the following information:

  • Client IP address

  • Client port (LDAP connections only)

  • PingDirectory server IP address

  • PingDirectory server port (LDAP connections only)

  • Communication protocol

Steps

  • Enable the include-connection-details-in-request-messages property for a file-based access log publisher of type file-based-access or json-access.

    Choose from:

    • Enable the property in an existing log publisher. For example:

      $ bin/dsconfig set-log-publisher-prop \
        --publisher-name "Test JSON Access Log Publisher" \
        --set include-connection-details-in-request-messages:true

      You can disable include-connection-details-in-request-messages by setting it to false.

    • Create a new log publisher with the property enabled. For example:

      $ bin/dsconfig create-log-publisher \
        --publisher-name "Test Writer Access Log Publisher" \
        --type file-based-access \
        --set enabled:true \
        --set log-connects:true \
        --set log-disconnects:true \
        --set log-security-negotiation:true \
        --set log-requests:true \
        --set log-file:logs/testaccess.log \
        --set include-extended-search-request-details:true \
        --set include-requester-ip-address:true \
        --set include-requester-dn:true \
        --set include-request-controls:true \
        --set include-response-controls:true \
        --set "rotation-policy:24 Hours Time Limit Rotation Policy" \
        --set "rotation-policy:Size Limit Rotation Policy" \
        --set "retention-policy:File Count Retention Policy" \
        --set include-connection-details-in-request-messages:true